Bug 38040 - WebCore::WebGLArrayInternal::lengthAttrGetter ReadAV@NULL (b1a3e1a3e9d01f17fd493d68eeb2742f)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebGL
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Normal
Assignee: Kenneth Russell
URL: http://jssh.skypher.com/4.4/Main.html...
Reported: 2010-04-23 02:12 PDT by Berend-Jan Wever
Modified: 2010-06-30 12:17 PDT


Attachments
Patch (5.96 KB, patch)
2010-06-30 11:24 PDT, Kenneth Russell
oliver: review+
kbr: commit-queue-

Description Berend-Jan Wever 2010-04-23 02:12:15 PDT
Repro:       new window.WebGLUnsignedIntArray().length;
Id:          WebCore::WebGLArrayInternal::lengthAttrGetter ReadAV@NULL (b1a3e1a3e9d01f17fd493d68eeb2742f)
Description: Attempt to read from NULL pointer in WebCore::WebGLArrayInternal::lengthAttrGetter
Comment 1 Kenneth Russell 2010-06-30 11:23:19 PDT
This crash occurs in both Safari and Chrome -- i.e., in both the JSC and V8 bindings.
Comment 2 Kenneth Russell 2010-06-30 11:24:44 PDT
Created attachment 60136
Patch

From the ChangeLog:

Changed custom ArrayBufferView constructors to create a fully-initialized, zero-length array when called with zero arguments. This is the simplest fix which works identically in both the JSC and V8 bindings.
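The ChangeLog above states the invariant the patch restores: a zero-argument call to a typed-array constructor must yield a fully initialized, zero-length view rather than a wrapper whose backing object was never created. The JavaScript below is an added regression probe written for this page, not code from the WebKit patch or from the bug report. It uses the current typed-array names (Uint32Array is the successor of WebGLUnsignedIntArray) and goes beyond the single repro by running every built-in typed-array constructor through several degenerate argument shapes and reading every attribute that goes through the backing store. The PreFixUint32Array and PostFixUint32Array classes are constructed stand-ins that model the bound-wrapper-with-null-impl behaviour in plain JavaScript so the probe's failure path can be exercised offline; they are not WebKit's binding code.

```javascript
// Added regression probe for this bug class; not code from the WebKit patch.
// It uses the current typed-array names (Uint32Array is the successor of
// WebGLUnsignedIntArray) and checks that construction with no arguments or
// with degenerate arguments yields a fully initialized, zero-length view.

const TYPED_ARRAY_NAMES = [
  "Int8Array", "Uint8Array", "Uint8ClampedArray",
  "Int16Array", "Uint16Array",
  "Int32Array", "Uint32Array",
  "Float32Array", "Float64Array",
];

// Argument shapes a fuzzer would feed the constructor; each must give an empty view.
const EMPTY_ARG_SHAPES = [
  { label: "no arguments", args: [] },
  { label: "explicit zero length", args: [0] },
  { label: "undefined length", args: [undefined] },
  { label: "empty plain array", args: [[]] },
  { label: "empty ArrayBuffer", args: [new ArrayBuffer(0)] },
];

// Construct, then read every attribute that goes through the backing store.
// In the bug the length getter dereferenced a null backing pointer; here a
// missing backing object surfaces as a TypeError, which the probe reports.
function probeConstructor(Ctor, args) {
  let view;
  try {
    view = new Ctor(...args);
  } catch (e) {
    return { ok: false, reason: `constructor threw ${e.name}` };
  }
  try {
    const checks = {
      length: view.length === 0,
      byteLength: view.byteLength === 0,
      byteOffset: view.byteOffset === 0,
      buffer: view.buffer instanceof ArrayBuffer && view.buffer.byteLength === 0,
      outOfRangeRead: view[0] === undefined,
      subarray: view.subarray(0, 0).length === 0,
    };
    const failed = Object.keys(checks).filter((k) => !checks[k]);
    return failed.length === 0
      ? { ok: true, reason: "" }
      : { ok: false, reason: `bad attribute(s): ${failed.join(", ")}` };
  } catch (e) {
    return { ok: false, reason: `attribute access threw ${e.name}` };
  }
}

// Run every constructor in `ctors` (name -> constructor) through every
// argument shape; returns a list of failure strings, empty when all pass.
function probeAll(ctors, shapes = EMPTY_ARG_SHAPES) {
  const failures = [];
  for (const [name, Ctor] of Object.entries(ctors)) {
    for (const { label, args } of shapes) {
      const r = probeConstructor(Ctor, args);
      if (!r.ok) failures.push(`${name} (${label}): ${r.reason}`);
    }
  }
  return failures;
}

// The engine's own typed arrays, looked up by name on globalThis.
function builtinTypedArrays() {
  return Object.fromEntries(TYPED_ARRAY_NAMES.map((n) => [n, globalThis[n]]));
}

// Constructed stand-ins for the bound wrapper (hypothetical, not WebKit's code):
// the wrapper object exists, but `impl` is whatever the zero-argument path
// produced. Pre-fix that was nothing at all; post-fix it is an empty array.
function makeWrapper(zeroArgImpl) {
  return class WrappedUint32Array {
    constructor(...args) {
      this.impl = args.length === 0 ? zeroArgImpl() : new Uint32Array(...args);
    }
    get length() { return this.impl.length; }          // the getter that crashed
    get byteLength() { return this.impl.byteLength; }
    get byteOffset() { return this.impl.byteOffset; }
    get buffer() { return this.impl.buffer; }
    subarray(begin, end) { return this.impl.subarray(begin, end); }
  };
}
const PreFixUint32Array = makeWrapper(() => null);
const PostFixUint32Array = makeWrapper(() => new Uint32Array(0));

if (typeof require !== "undefined" && require.main === module) {
  console.log("builtins:", probeAll(builtinTypedArrays()));
  console.log("pre-fix wrapper:", probeAll({ PreFixUint32Array }));
  console.log("post-fix wrapper:", probeAll({ PostFixUint32Array }));
}
```

Run under Node: the built-ins and the post-fix stand-in produce an empty failure list, while the pre-fix stand-in fails exactly once, on the "no arguments" shape, with the length getter throwing. The probe deliberately reads length, byteLength, byteOffset, buffer, an out-of-range index and subarray rather than length alone, because every one of those goes through the same backing pointer the crash dereferenced; a fix that only special-cases the length getter would pass a narrower check and still crash elsewhere.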
Comment 3 Oliver Hunt 2010-06-30 11:47:21 PDT
Comment on attachment 60136
Patch

r=me
Comment 4 Kenneth Russell 2010-06-30 12:17:25 PDT
Committed r62194: <http://trac.webkit.org/changeset/62194>